From selfie pay to heartbeat authentication: Here’s how MasterCard is simplifying and securing transactions

Ajay Bhalla, President, Enterprise Security Solutions, MasterCard shares how the company is improving its security measures amid increased concerns around data breaches by using innovative methods and technologies.

MasterCard is envisioning a future of ubiquitous payments, where practically every device has the ability to pay for things. Recently, it featured on the Boston Consulting Group’s annual list of top 50 global innovators with a part of the innovation at MasterCard focusing on payments, including enabling mobile and peer-to-peer transactions. Ajay Bhalla, President, Enterprise Security Solutions, MasterCard in an interaction with ETCIO.com shares how the company is improving its security measures amid increased concerns around data breaches by using innovative methods and technologies.

How has been MasterCard’s approach and strategy towards information security to cover all channels and devices?

We believe that the customer should be able to use MasterCard to make a payment anywhere and at any time in a secure manner. We have always looked at multi-layered approach for security. This has worked well as we have constantly innovated and have stayed ahead of the threats which we foresee to strike in the future. For example, EMV chip has proved to be a big panacea for handling fraud in the physical world. Wherever we have put EMV chips, fraud has gone down by almost 80 percent in that country. India has already moved to EMV chip while the US is moving now.

We have a three pronged strategy for security that includes preventing, detecting and enhancing. We basically look at all kinds of new technologies to ensure that fraud does not happen.

Q. What are the new innovations in security that you have been working on to strengthen your role in making commerce securely available anywhere, any time and on any digital device?

Transactions ranging from booking a flight to hotel rooms to booking a cab and even ordering meal are happening online, and all these have their own set of challenges.

In the digital world we have solutions that are working really well. For mobile users we launched MasterCard Digital Enablement Services (MDES), which is a secure mobile payment solution. The solution digitally enables a device by replacing the card number with a token. What we do here is put the users’ credentials in the device, secure it and then it works like an EMV chip and is highly secure. There is an added security which is created on the device as we do not use the real card number of the user. In the worst case, if anybody gets the card number, it still cannot be misused. Apple Pay, Android Pay and Samsung Pay are using MDES. It is an excellent example of how a secure innovation can happen.

In the future we will be moving towards biometric authentication. We have already created a new technology that lets online users authorize a transaction either with their fingerprint or with a snapshot of their face instead of a password, called “selfie pay.” The blink feature prevents a criminal from holding up another person’s picture. Another advantage for authorizing a transaction with a photo removes the need for remembering yet another password.

We finished a pilot in the US and are currently working on a pilot in the Netherlands, which use facial recognition technology for payment verification.

We have also successfully tested heartbeat-authenticated payments in Canada with a company called Nymi. Such forms of authentication can be a more secure and convenient way to make retail payments. So we continue to invest in and explore cutting edge payment technologies.

Q. How are you maximizing your product innovation and security investments? Are you also looking at crowdsourced efforts to make online services safer and more secure?

MasterCard DigiSec Lab represents our collective efforts to maximize product innovation and security investments. Whether testing the latest in EMV chip cards, mobile payments or biometric authentication, the DigiSec Lab team deconstructs the technology to identify opportunities to strengthen it and continue to protect consumers, merchants and financial institutions from fraud. Here we try to hack into our systems.

The team at the lab uncovers potential threats and problems most people don’t even know exist. To aid in these efforts, the team fires lasers at payment cards, normally used in deep astronomy, and uses X-ray machines to analyze gadgets used by hackers, in addition to other activities.

We also conduct hackathons around the world to scout out for new ideas. Recently, developers across the globe competed for $100,000 during the MasterCard Masters of Code global hackathon grand finale in San Francisco on December 5 and 6. For the past ten months, the Masters of Code competition traversed the globe – from Singapore to New York to Tel Aviv – hosting regional weekend-long events that tasked the world’s top coders, developers, designers and entrepreneurs to create new consumer payments solutions featuring MasterCard APIs. We opened our APIs to see what they are inspired to create next and promote financial inclusion globally.

Q. What do you see as the next advances in card and payment security?

Today the world is 50 percent on EMV chip and within the next five years will see 100 percent of the market to become chip.

We will also see more and more transactions getting authenticated. Globally we do 2 billion secure code transactions, where we authenticate them. But in countries that have moved to EMV, we are clearly seeing a pattern where fraud is moving towards e-commerce. This means we will see more authentications. We will also see more authentications happening with consumer friendly technologies like selfie pay, voice pay, finger print etc. as these technologies are now available and scalable.

We will also see transactions getting screened. As a company we process around 50 billion transactions across the globe and we have got a lot of data. So there will be more of Artificial Intelligence and robotic solutions coming into play.